зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1593760 [wpt PR 20073] - Restrict [un]registerProtocolHandler to secure contexts, a=testonly
Automatic update from web-platform-tests Restrict [un]registerProtocolHandler to secure contexts The registerProtocolHandler() and unregisterProtocolHandler() functions should only be permitted for secure contexts. When called on non-secure contexts, a SecurityError should be thrown. Bug: 882284 Change-Id: Iacf3d31f80f5118e9e9aacad2c99a0111d6e7cc5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1892213 Reviewed-by: Gyuyoung Kim <gyuyoung@igalia.com> Reviewed-by: Tarun Bansal <tbansal@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Cr-Commit-Position: refs/heads/master@{#717501} -- wpt-commits: 6ac865ab791bb845839701ac1c99c2ed5ab10c4e wpt-pr: 20073
This commit is contained in:
Родитель
3eaa596922
Коммит
ea639f69db
|
@ -107,12 +107,12 @@ test(() => {
|
|||
test(() => {
|
||||
// This shouldn't throw an exception.
|
||||
window.navigator.registerProtocolHandler('web+myprotocol', "custom-scheme\uD800/url=%s", "title");
|
||||
}, "RegisterPtotocolHandler URL: unpaired surrogate codepoint should not make any exceptions.")
|
||||
}, "RegisterProtocolHandler URL: unpaired surrogate codepoint should not make any exceptions.")
|
||||
|
||||
test(() => {
|
||||
// This shouldn't throw an exception.
|
||||
window.navigator.unregisterProtocolHandler('web+myprotocol', "custom-scheme\uD800/url=%s");
|
||||
}, "UnregisterPtotocolHandler URL: unpaired surrogate codepoint should not make any exceptions.")
|
||||
}, "UnregisterProtocolHandler URL: unpaired surrogate codepoint should not make any exceptions.")
|
||||
|
||||
test(() => {
|
||||
var w = window.open("about:blank#\uD800");
|
||||
|
|
|
@ -21,7 +21,7 @@ test(() => {
|
|||
}, 'the unregisterProtocolHandler method should exist on the navigator object');
|
||||
|
||||
/* URL argument */
|
||||
const vaild_urls = [
|
||||
const valid_urls = [
|
||||
'%s',
|
||||
location.href + '/%s',
|
||||
location.href + '#%s',
|
||||
|
@ -31,7 +31,7 @@ const vaild_urls = [
|
|||
location.href + '/%s/bar/baz/?foo=1337&bar#baz',
|
||||
location.href + '/%s/foo/%s/',
|
||||
];
|
||||
for (const url of vaild_urls) {
|
||||
for (const url of valid_urls) {
|
||||
test(() => {
|
||||
navigator.registerProtocolHandler('tel', url, 'foo');
|
||||
}, 'registerProtocolHandler: Valid URL "' + url + '" should work.');
|
||||
|
@ -61,7 +61,7 @@ for (const url of invalid_urls1) {
|
|||
}, 'unregisterProtocolHandler: Invalid URL "' + url + '" should throw SYNTAX_ERR.');
|
||||
}
|
||||
|
||||
const invaild_urls2 = [
|
||||
const invalid_urls2 = [
|
||||
'http://%s.com',
|
||||
'http://%s.example.com',
|
||||
'http://example.com/%s',
|
||||
|
@ -70,7 +70,7 @@ const invaild_urls2 = [
|
|||
'mailto:%s@example.com',
|
||||
'mailto:%s',
|
||||
];
|
||||
for (const url of invaild_urls2) {
|
||||
for (const url of invalid_urls2) {
|
||||
test(() => {
|
||||
assert_throws('SECURITY_ERR', () => { navigator.registerProtocolHandler('mailto', url, 'foo'); });
|
||||
}, 'registerProtocolHandler: Invalid URL "' + url + '" should throw SECURITY_ERR.');
|
||||
|
@ -84,7 +84,7 @@ for (const url of invaild_urls2) {
|
|||
|
||||
/* Overriding any of the following protocols must never be allowed. That would
|
||||
* break the browser. */
|
||||
const blacklist = [
|
||||
const denylist = [
|
||||
'about',
|
||||
'attachment',
|
||||
'blob',
|
||||
|
@ -124,13 +124,13 @@ const blacklist = [
|
|||
'tel:sip',
|
||||
'web+',
|
||||
];
|
||||
for (const scheme of blacklist) {
|
||||
for (const scheme of denylist) {
|
||||
test(() => {
|
||||
assert_throws('SECURITY_ERR', () => { navigator.registerProtocolHandler(scheme, location.href + '/%s', 'foo'); });
|
||||
}, 'registerProtocolHandler: Attempting to override the "' + scheme + '" protocol should throw SECURITY_ERR.');
|
||||
|
||||
test(() => {
|
||||
assert_throws('SECURITY_ERR', () => { navigator.unregisterProtocolHandler(scheme, location.href + '/%s', 'foo'); });
|
||||
assert_throws('SECURITY_ERR', () => { navigator.unregisterProtocolHandler(scheme, location.href + '/%s'); });
|
||||
}, 'unregisterProtocolHandler: Attempting to override the "' + scheme + '" protocol should throw SECURITY_ERR.');
|
||||
}
|
||||
|
||||
|
@ -161,7 +161,7 @@ const safelist = [
|
|||
'webcal',
|
||||
'wtai',
|
||||
'xmpp',
|
||||
/*other vaild schemes*/
|
||||
/*other valid schemes*/
|
||||
'BitcoIn',
|
||||
'Irc',
|
||||
'MagneT',
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script>
|
||||
test(t => {
|
||||
assert_false('registerProtocolHandler' in navigator);
|
||||
assert_equals(navigator.registerProtocolHandler, undefined);
|
||||
}, "navigator.registerProtocolHandler does not exist in non-secure contexts.");
|
||||
|
||||
test(t => {
|
||||
assert_false('unregisterProtocolHandler' in navigator);
|
||||
assert_equals(navigator.unregisterProtocolHandler, undefined);
|
||||
}, "navigator.unregisterProtocolHandler does not exist in non-secure contexts.");
|
||||
</script>
|
||||
</head>
|
||||
</html>
|
Загрузка…
Ссылка в новой задаче